pf(4) NAT syntax change

As described in more detail in this mailing list post, PF's separate nat/rdr/binat (translation) rules have been replaced with actions on regular match/filter rules. Simple rulesets may be converted like this:

match out on $ext_if from 10/8 nat-to ($ext_if)
match in on $ext_if to ($ext_if) rdr-to 1.2.3.4

and...

binat on $ext_if from $web_serv_int to any -> $web_serv_ext

becomes

match on $ext_if from $web_serv_int to any binat-to $web_serv_ext

nat-anchor and/or rdr-anchor lines, e.g. for relayd(8), ftp-proxy(8) and tftp-proxy(8), are no longer used and should be removed from pf.conf(5), leaving only the anchor lines. Translation rules relating to these and spamd(8) will need to be adjusted as appropriate.

N.B.: Previously, translation rules had "stop at first match" behaviour, with binat being evaluated first, followed by nat/rdr depending on direction of the packet. Now the filter rules are subject to the usual "last match" behaviour, so care must be taken with rule ordering when converting.

pf(4) route-to/reply-to syntax change

The route-to, reply-to, dup-to and fastroute options in pf.conf move to filteropts:

pass in on $ext_if route-to (em1 192.168.1.1) from 10.1.1.1
pass in on $ext_if reply-to (em1 192.168.1.1) to 10.1.1.1

becomes

pass in on $ext_if from 10.1.1.1 route-to (em1 192.168.1.1)
pass in on $ext_if to 10.1.1.1 reply-to (em1 192.168.1.1)

I have had it working for over six months now. Since no one was posting an answer and this is basically working now, I decided to post my own solution. Given that this thread has over 1k views, this might help someone...
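The conversions quoted above, applied mechanically to a ruleset, as an added example that is not part of the original post or of any OpenBSD tooling. It assumes the pre-change `nat on ... -> ...` and `rdr on ... -> ...` forms, covers only simple one-line rules, and its function names are hypothetical. Anything else (such as `rdr pass`) is left in place and flagged, and it reports when more than one translation rule was converted, since those are now evaluated last-match.

```python
import re
# Old-syntax patterns: translation rules, and routing options placed before from/to
OLD_XLATE = re.compile(r"^(nat|rdr|binat)\s+(on\s+.+?)\s+->\s+(.+)$")
OLD_ROUTE = re.compile(r"^(pass|block)\b(.*?)\s+((?:route|reply|dup)-to)\s+(\([^)]*\))\s+(.+)$")
ACTION = {"nat": "match out", "rdr": "match in", "binat": "match"}

def convert_line(line):
    """Return (kind, text); kind is keep, xlate, route, dropped or manual."""
    s = line.strip()
    if re.match(r"(nat|rdr)-anchor\b", s):
        return "dropped", s
    m = OLD_XLATE.match(s)
    if m:
        kind, rest, target = m.groups()
        return "xlate", f"{ACTION[kind]} {rest} {kind}-to {target}"
    if re.match(r"(no\s+)?(nat|rdr|binat)\s", s):  # e.g. "rdr pass", "no nat"
        return "manual", s
    m = OLD_ROUTE.match(s)
    if m:
        action, head, opt, dest, tail = m.groups()
        return "route", f"{action}{head} {tail} {opt} {dest}"
    return "keep", line.rstrip()

def convert_ruleset(text):
    out, notes, xlate = [], [], 0
    for n, line in enumerate(text.splitlines(), 1):
        kind, new = convert_line(line)
        if kind == "dropped":
            notes.append(f"line {n}: removed '{new}'")
            continue
        if kind == "manual":
            notes.append(f"line {n}: convert by hand: '{new}'")
        xlate += kind == "xlate"
        out.append(new)
    if xlate > 1:  # translation is now last-match, not first-match
        notes.append(f"{xlate} translation rules converted: check their order")
    return "\n".join(out), notes

# Constructed sample in the old syntax (not taken from a real ruleset)
SAMPLE = """\
nat-anchor "ftp-proxy/*"
anchor "ftp-proxy/*"
binat on $ext_if from $web_serv_int to any -> $web_serv_ext
nat on $ext_if from 10/8 -> ($ext_if)
rdr pass on $ext_if proto tcp to port 21 -> 127.0.0.1 port 8021
pass in on $ext_if route-to (em1 192.168.1.1) from 10.1.1.1
"""
converted, notes = convert_ruleset(SAMPLE)
print(converted, *notes, sep="\n")
```

Load the converted file with `pfctl -nf` before putting it into service; the script rewrites syntax only and does not decide rule order.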